Headline
CVE-2021-33657: Always create a full 256-entry map in case color values are out of range · libsdl-org/SDL@8c91cf7
There is a heap overflow in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x, up to and including version 2.0.18. By crafting a malicious .BMP file, an attacker can cause an application that uses this library to crash, resulting in denial of service, or can achieve code execution.
@@ -947,7 +947,7 @@ Map1to1(SDL_Palette * src, SDL_Palette * dst, int *identical)
}
*identical = 0;
}
map = (Uint8 *) SDL_malloc(src->ncolors);
map = (Uint8 *) SDL_calloc(256, sizeof(Uint8));
if (map == NULL) {
SDL_OutOfMemory();
return (NULL);
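Review bot: The fixed size of 256 in the SDL_calloc call in Map1to1 is safe only while src->ncolors never exceeds 256, and nothing in the visible lines enforces that. If the code that fills map after this allocation still loops up to src->ncolors, a palette reporting more entries would write past the new buffer, so either clamp the count to 256 there or add a check before the allocation. The literal would also read better as a named constant with a short comment saying the table is indexed by an 8-bit pixel value, which is why the full range is allocated regardless of palette size.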
@@ -971,7 +971,7 @@ Map1toN(SDL_PixelFormat * src, Uint8 Rmod, Uint8 Gmod, Uint8 Bmod, Uint8 Amod,
SDL_Palette *pal = src->palette;
bpp = ((dst->BytesPerPixel == 3) ? 4 : dst->BytesPerPixel);
map = (Uint8 *) SDL_malloc(pal->ncolors * bpp);
map = (Uint8 *) SDL_calloc(256, bpp);
if (map == NULL) {
SDL_OutOfMemory();
return (NULL);
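Review bot: In Map1toN the SDL_calloc(256, bpp) call leaves every entry beyond pal->ncolors zero-filled, and there is no comment saying that this is the intended result for an out-of-range index. Pixel values that the palette does not define will now map to an all-zero destination pixel; a one-line comment stating that, and why 256 is used instead of pal->ncolors, would keep a later cleanup from shrinking the buffer back to the palette size. Using the same named constant as in Map1to1 would keep the two allocations in step.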
Related news
Gentoo Linux Security Advisory 202305-18 - Multiple vulnerabilities have been found in libsdl2, the worst of which could result in arbitrary code execution. Versions less than 2.26.0 are affected.
Gentoo Linux Security Advisory 202305-17 - Multiple vulnerabilities have been found in libsdl, the worst of which could result in arbitrary code execution. Versions less than 1.2.15_p20221201 are affected.